zloader | 5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42 | Triage

Sharing

General

Target

r.php
Size

440KB
Sample

201202-ff2b8wv312
MD5

be211fc134a945398f96e3cfe8ac0acd
SHA1

1546aed93ddf813d13635664470454bf40d89056
SHA256

5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42
SHA512

7205a3ac02803fc26b8d895edbad0319d0ce40cfb84250e7fd08bf13bdf6df022784e75e672be2f28621aa94f78de41815d326edfd44599937d15d057dff9902

Score

10^/10

zloader nut 02/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

02/12

C2

https://www.alhasanatbooks.com/reader.php

https://aflim.org.ng/wp-punch.php

https://sardarmohammad.com/reports.php

https://erikarabelo.com.br/server.php

https://thechapelofthehealingcross.org/java.php

https://grebcanualcwilfprofal.ml/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  r.php
- Size
  
  440KB
- MD5
  
  be211fc134a945398f96e3cfe8ac0acd
- SHA1
  
  1546aed93ddf813d13635664470454bf40d89056
- SHA256
  
  5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42
- SHA512
  
  7205a3ac02803fc26b8d895edbad0319d0ce40cfb84250e7fd08bf13bdf6df022784e75e672be2f28621aa94f78de41815d326edfd44599937d15d057dff9902
Score

10^/10

zloader nut 02/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut02/12botnettrojan

behavioral2